Re: DDoS protection module suggestion

unclepieman Wrote:
-------------------------------------------------------
> Hey,
>
> Instead of a 503, i would redirect them
> localhost:81 and allow them to
> validly themselves via captcha system in case its
> a false positive.
> Like above, if a host logs the same src_ip more
> than $x times in $xy
> min, u should be moving the acl up the chain, your
> sub-distribution,
> distribution cor or even edge routers.

It would be nice to have it configurable either way, but when you are hit with a 50k bot attack and you have IPs requesting 50 pages per second, you want to put them down immediately, not spend server time serving them a dynamic captcha page.